Static task
static1
General
Target: 731261b7a392a9293f6f17a909c35120N.exe
Size: 52KB
MD5: 731261b7a392a9293f6f17a909c35120
SHA1: d537e1ee8e44d1f94e2a22392f2f1ee24f001eb8
SHA256: 2ec87db26d93de692b949d9677dc8a5ff6233bde9ba4da2aac9ba77d054853cf
SHA512: daf5c12dfa0d8f06997402f3f3341ea176f2a747a3c4eabce52b4cd8fbeba96b81ef0f89c20cbb970d3ecd6a4e2c43300fc342f81cb26fe6fc38f6f23e9763bf
SSDEEP: 1536:8Aj0rQ2bBwdPvSMA7/EzviR1/zGlt7ZeT/BVbi4neYx:860rQsBwFnU82mtderBVbi4neYx
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 731261b7a392a9293f6f17a909c35120N.exe
Files
- 731261b7a392a9293f6f17a909c35120N.exe.sys windows:6 windows x86 arch:x86
82cfc9c8ebbcfc67d19b94a34e523684
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
KeEnterCriticalRegion
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsGetVersion
IofCompleteRequest
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoDeleteSymbolicLink
swprintf
RtlRandom
KeQuerySystemTime
IoCreateSymbolicLink
IoCreateDevice
ZwClose
KeLeaveCriticalRegion
MmIsAddressValid
ObfDereferenceObject
ObReferenceObjectByHandle
ZwOpenDirectoryObject
KeTickCount
KeBugCheckEx
RtlUnwind
ExFreePoolWithTag
ExAllocatePoolWithTag
hal
KfReleaseSpinLock
KfAcquireSpinLock
Sections
MHhor"co Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
3u4( 8(U Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7S?>AZm' Size: 512B - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Yav?4jie Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_5'6U),Q Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_DuTy7?8 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ